With GrapheneOS, specifically, it kind of defeats their design goals[0] -- so on Graphene I would say it is not a viable solution.

On other custom ROMS such as CalyxOS (my go-to for my Pixels), or LineageOS, I have used microG and it works very well.

[0] https://nitter.net/GrapheneOS/status/1437380576055541761

GrapheneOS instead went on to implement a whole sandbox which can run google services properly, without hacks like spoofing signatures (which is required for microG).

In practice, you can run most apps on GrapheneOS.

The thread you're linking explains why we developed sandboxed Google Play compatibility layer for better privacy, security and far broader app compatibility. On an OS using microG, you still have the Google Play code running in each of the apps you're using which depend on Google Play. You aren't avoiding the Google Play code. In fact, you're running it with more privileges than it has on GrapheneOS where there's a stronger sandbox and permission model. You're avoiding part of the Google Play code: the part sitting between the Google Play SDK / libraries and their services (but not quite, since microG downloads and runs droidsec/snet within the context of microG, which has significantly elevated privileges on CalyxOS).

> we developed sandboxed Google Play compatibility layer for better privacy, security and far broader app compatibility.

Does this mean you could install and run Google Play apps on GrapheneOS now? Last I used GrapheneOS (2020), I wasn't able to.

Thank you for the explanation!

GrapheneOS developed our sandboxed Google Play compatibility layer to provide support for running Google Play as regular apps in the full standard app sandbox. They work like any other apps and can't do anything that a regular user installed app can't do. Since they're regular apps, all our work on improving the app sandbox and permission model in a compatible way applies to them. For example, you can revoke our Sensors toggle from them (or even Network, but that would prevent using their services, which many apps depend on for real use) and can use Storage Scopes instead of granting any storage permissions, etc. In practice, you don't need to grant any permissions to Google Play when using sandboxed Google Play. Our location rerouting feature reimplements the Play services geolocation API based on the standard AOSP location API based on GNSS (GPS, GLONASS, etc.) + A-GNSS. If you really want to use Google Play network location, it's possible, by granting background location access to it, enabling their network location toggle and disabling our location request rerouting feature. We plan to provide more of these rerouting features in the future when it makes sense.

Thanks; if network and other permissions can be revoked from GApps, which otherwise have all possible device permissions, it eliminates the need for MicroG. I will try it out.